Right, isn't this not a Zero Day specifically because it's not known to be exploited out in the wild. How can it be, no one else knows what the vuln is. It is being reported as part of a bug bounty with 90 day disclosure just like anything else would be.
I always get confused reading/talking about the definition of a zero-day with people... But this is what Wikipedia states, which is most consistent with my understanding.
> A zero-day (also known as 0-day) is a computer-software vulnerability unknown to those who should be interested in its mitigation (including the vendor of the target software). Until the vulnerability is mitigated, hackers can exploit it to adversely affect programs, data, additional computers or a network.
Seems like someone knows how to exploit this, and zoom / the general public don't know how to mitigate or perform it. That seems to fit this definition, no?
